Last week, cyber criminals created a fraudulent customer service account for National Westminster Bank, linking unsuspecting Twitter users to a phishing site. Oddly enough, this wasn’t the first time National Westminster Bank has been targeted for cyber assault.
Patrons have been plagued by myriad of technical security related issues for over a year. From “missing” payments to frozen accounts, patrons of National Westminster have been through the metaphorical wringer. After yet another technical failing on Tuesday, customers took to Twitter to voice their complaints and seek help from National Westminster’s verified customer support account, @NatWest_Help.
Unfortunately, frustrated and increasingly desperate customers are the perfect demographic for phishers. By masquerading as helpful customer service representatives, these scammers were able to snare their victims in three easy steps.
Step One: Observe
Scammers lay in wait until the legitimate account, @NatWest_Help, became unresponsive. This was taken as a cue that customer service representatives were off-duty— giving the scammers a window of opportunity to wreak havoc. Under the moniker @NatWest_HelpTC, the imposters simply picked up the conversation where the legitimate account left off. By becoming part of an on-going conversation, scammers hone in on users who have already identified their problem and are actively seeking a solution.
Step Two: Fake it Till You Make It
Not only did @NatWest_HelpTC look like the legitimate account, it sounded like the real deal. In order to lure their victims in, scammers sent out a series of tweets apologizing on behalf of National Westminster for any confusion and prompting customers to verify their account. By using language with which users were already familiar, the crooks were able to fly under some user’s critical thinking radar. Ordinarily, spelling and grammar mistakes act as a red flag for wary recipients of phishing attempts. In their 2016 Data Breach report, Verizon estimates that less than 12% of potential targets fall for traditional phishing scams.
Step Three: In For the Kill
So why did this phish link garner forty six clicks? The new generation of cyber criminals play off of what makes social media so successful in the first place: personalized interaction.
This newest form of phishing through social media is a type of “spear-phishing”. It’s a more sophisticated form of phishing that targets a small group or person using social engineering tactics and boasts a high rate of return.
Spear-phishing is all about information. Instead of sending out mass emails in the thousands, spear phishers focus on context. It’s a more human centered approach to gathering financially sensitive information from an unsuspecting populace. The @NatWest_HelpTC scammers knew their targets’ bank and specific problem. All they had to do was manufacture a reasonable answer: follow the phish link and all your problems will be solved!
In this case, a Twitter user launched a conversation with @NatWest_Help inquiring about the availability of a new service: When will Visa Debit cards be added to Apple Pay? As the conversation built in momentum, more tweets were fired off with accusations slung at National Westminster for failing to deliver. Sure enough, the scammers swept in with a courteous apology and a “solution”:
“We sincerely apologize for this, it is only available to verified account holders. Visit bit.ly/Nat West to re-verify”
By capitalizing on customer dissatisfaction and trolling until the perfect moment, the new wave of online con artists poses a daunting threat. This story points to a broader trend in cyber crime that presents new challenges to security. Social media provides a unique platform to communicate with potential victims and forge a vaguely intimate connection. Users control which accounts they follow and interact with, thereby creating their personal network. Once a user starts following and interacting with an account they are operating with an assumption of trust— in other words, their guard is down.
The funny thing about trust is, once it’s gone, it’s pretty hard to get back. It’s unclear how this barrage of cyber crime will affect National Westminster’s ability to offer secure banking services online.